Symantec LiveUpdate for Macintosh Local Privilege Escalation

1091

06 March 2020

17 April 2006

CLOSED

MEDIUM

SUMMARY

 

Some components of Symantec's LiveUpdate for Macintosh do not set their execution path environment

Risk Impact
Medium

Remote Access

No

Local Access

Yes

Authentication Required

Yes

Exploit publicly available

No

 

AFFECTED PRODUCTS

 

Product

Version

Build

Language

Solution(s)

LiveUpdate for Macintosh

3.0.0

All

All

Live Update Patch

3.0.1

All

All

3.0.2

All

All

3.0.3

5

English

3.0.3

11

All

3.0.3

15

All

3.5.0

47

All

3.5.0

48

All

Norton AntiVirus

9.0.x

All

All

Norton AntiVirus

10.x

All

All

Symantec AntiVirus

10.x

All

All

Norton Personal Firewall

3.0.x

All

All

Norton Personal Firewall

3.1.0

All

All

Norton Internet Security

3.0.x

All

All

Norton Utilities

8.0.x

All

All

Norton SystemWorks

3.0.x

All

All

 

ISSUES

 

A non-privileged user can change their execution path environment. If the user then executes one of these components, it will inherit the changed environment and use it to locate system commands. These components are configured to run with System Administrative privileges (SUID) and are vulnerable to a potential Trojan horse attack.

MITIGATION

 

Symantec Response
A patch has been created and made available for all affected versions of the product through Symantec LiveUpdate.

To perform a manual update using Symantec LiveUpdate, users should:

  • Open any installed Symantec product
  • Click on LiveUpdate in the toolbar
  • Run LiveUpdate until all available Symantec product updates are downloaded and installed

Symantec is not aware of any active attempts against or customers impacted by this issue.

As a part of normal best practices, users should keep vendor-supplied patches for all application software and operating systems up-to-date. Symantec strongly recommends any affected customers update their product immediately to protect against these types of threats.

ACKNOWLEDGEMENTS

 

Symantec thanks DigitalMunition.com working with iDefense, for notifying Symantec of this issue